Finix
Finix makes it easy for businesses to process payments while maximizing revenue and reducing costs.
Payment Systems • Payment Facilitation • Risk and Undewriting • Payment Infrastructure • APIs
51 - 200
Compliance/Security Monitoring and Reporting Analyst
September 5
Finix
Finix makes it easy for businesses to process payments while maximizing revenue and reducing costs.
Payment Systems • Payment Facilitation • Risk and Undewriting • Payment Infrastructure • APIs
51 - 200
Description
• Identify and validate key controls from enterprise and functional risk assessments to mitigate risks. • Ensure annual updates to the Enterprise and functional risk assessments (Ops, Tech, People, Legal, IT) are completed and communicated to support SOC and InfoSec policy administration. • Manage key risk updates and remediation in our Drata GRC tool. • Develop and execute quarterly internal risk self-assessments and mini-audits of key controls, documenting required remediation to stay ahead of potential risks. • Oversee critical areas such as User Access reviews, Firewall rules reviews, Change Management, Vulnerability Management, Business Continuity/Disaster Recovery, and Employee training compliance. • Ensure compliance with PCI requirements for merchants, sub-merchants, and vendor PCI/SOC reports, and run OFAC sanctions screening during vendor approvals and contract renewals. • Conduct comprehensive compliance and risk reviews for all vendors and clients, ensuring they meet the corporate InfoSec program's requirements. • Operate the vendor re-review process, ensuring alignment with PCI, SOC, and Sponsor Bank requirements, and maintain thorough documentation for audits. • Gather evidence and documentation for external audits related to Compliance and InfoSec programs, including those by PCI QSA, SOC Audit firm, AML Independent Audit firm, Visa, Mastercard, American Express, Discover, and sponsor banks. • Track and document any required remediation from audit findings to ensure ongoing compliance.
Requirements
• Payments experience • An aptitude for digging deep into Information Security requirements • 3+ years of experience in PCI, SOC, security audits, AML audits or equivalent assessments (client-side, servicer, assessor, or industry consultant) • A talent for analyzing requirements of Information Security and Compliance frameworks, particularly as they relate to the payment industry, and crafting solutions for adherence • Knowledge of cloud computing and nuances of managing in an AWS/Microsoft/Google cloud vs. traditional on-premise data centers • Optional: Industry certifications (CRISC, CTPRP, SSCP, CISSP, CISA, CISM) that demonstrate your desire to be the best at what you do
Apply NowSimilar Jobs
September 5
Dataprise
201 - 500
Provide technical expertise as a Cyber Security Engineer in Dataprise's SOC.
September 4
VivSoft
51 - 200
Join VivSoft as a Mid-Level Cybersecurity Engineer for DoD project security.
September 4
Included Health
1001 - 5000
Enhance application security for Included Health's engineering environment.
August 31
Kalderos
51 - 200
Manage cyber security program at Kalderos to defend against threats.
🇺🇸 United States – Remote
💵 $100k - $140k / year
💰 $14.9M Venture Round on 2022-09
⏰ Full Time
🟡 Mid-level
🟠 Senior
👮♂️ Security Engineer
🗽 H1B Visa Sponsor
August 31
ONE
201 - 500
Define and implement One’s Information Security strategy as a GRC Security Analyst.